PfSense on 3 Servers (3 Sites VPN)



  • Hello All,

    First time poster! (Yay!?)

    I'm interested in rolling out pfSense over our network. We currently have 4 servers in play (not really used much for anything right now); 3 of those are the same (quad-core Xeon, 16 GB DDR3, 8 TB storage), whereas the 4th is a god amongst the others (8-core, 32 GB DDR3, 32 TB storage).

    I'm planning on placing 1 server at each location, the 4th / "god" being at the main site for DHCP, Active Directory, etc… Each of those 3 similar servers will be running pfSense at each location.

    My main question (I searched the forums, either inputting the wrong term or something) is do I have the ability with pfSense to have a sort of central command or management? Whereas I can make a change at one location and it blanket the entire network vs. configuring the same settings each time on every one?

    Also, in terms of VPN... is VPN built-in to pfSense or is a third-party required? I'm open to suggestions of 3rd party if that is the case.

    If you have any input as to how you would work with this setup, I'm more than happy to hear any suggestions.

    Thank you in advance!



  • There has been talk about a central config management system for some time, but so far nothing has actually happened. So you have to do settings on each system individually.

    VPN is built-in - OpenVPN or IPsec for site-to-site secure connections, or road warrior connecting back in…

    I assume you will run pfSense in a VM on that hardware, and also use it as a server/s.



  • @phil.davis:

    There has been talk about a central config management system for some time, but so far nothing has actually happened. So you have to do settings on each system individually.

    VPN is built-in - OpenVPN or IPsec for site-to-site secure connections, or road warrior connecting back in…

    I assume you will run pfSense in a VM on that hardware, and also use it as a server/s.

    Each system individually is a drag, maybe I can (since the 3 servers I'm going to use match up perfectly) set things up how I want it the first time (for the most part at least) and just clone the drive over to each one? (The WAN IP would differ, but I'm sure the Config will let me change that after the fact) Or do you see a complication with doing this?

    Also, I was thinking pfSense would be more optimal or provide better security alone vs. being on a VM, would it not? That would be an interesting discussion to have. Being that this is a school and records are kept (for the most part) locally, I'd love to keep it as secure as possible from any intrusion.


  • LAYER 8 Netgate

    If you have the same config (or at least the same starting point) on the same hardware just connect to 192.168.1.1 and upload the config. Done.

